General

  • Target

    bff5cd0eab781940d062b34c408f71354b17f8a3bbe30f4b8685da1d4b6be4c5

  • Size

    186KB

  • Sample

    221123-j1z33agd26

  • MD5

    e22f5d82448333c9047bafe9d1331d5f

  • SHA1

    4be6fce8f1c01d622e9570a09c1632a96218e474

  • SHA256

    bff5cd0eab781940d062b34c408f71354b17f8a3bbe30f4b8685da1d4b6be4c5

  • SHA512

    1bf0ecc04bb0a4f0569769191bb68f040dd4603c51d0de7ecad1018ea9cdd017b2cd39066d0dcc68b6e4db2344882d0e94995396bdc786bb3268e72469d1f936

  • SSDEEP

    3072:pBkApSndJOALbdXDWWLD5Acq6NEl84DDx7wg3puD5z26:8A4nLbdXDR5qiEVdZuD1t

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks